CVE-2019-1003089
First published: Thu Apr 04 2019(Updated: )
Jenkins Upload to pgyer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Credit: jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PGYER Codefever | <=1.31 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-1003089?
CVE-2019-1003089 has a medium severity rating due to the unencrypted storage of sensitive credentials.
How do I fix CVE-2019-1003089?
To fix CVE-2019-1003089, you should upgrade the Upload to pgyer Plugin to version 1.32 or later.
What type of data is affected by CVE-2019-1003089?
CVE-2019-1003089 affects sensitive credentials that are stored unencrypted in job config.xml files.
Who can access the credentials exposed by CVE-2019-1003089?
Users with Extended Read permission or access to the Jenkins master file system can view the exposed credentials.
Can CVE-2019-1003089 lead to data breaches?
Yes, CVE-2019-1003089 can potentially lead to data breaches if unauthorized users gain access to the stored credentials.
- agent/author
- agent/type
- agent/weakness
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/references
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- vendor/jenkins
- canonical/pgyer codefever
- version/pgyer codefever/1.31